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DETAILED ACTION 

Continued Examination Under 37 CFR 1.114 

1. A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 
CFR 1 .17(e), was filed in this application after final rejection. Since this application is eligible for continued 
examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality 
of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed 
on December 28, 2007 has been entered. 

2. Applicant's response filed on November 29, 2007 has been carefully considered. Claims 1 , 
3, 5, 6, 8, 10, 12, 13, 15, 17, 21, 23, 25, and 26 have been amended. Claims 2, 9, 16 and 22 have been 
canceled. Claims 1, 3-8, 10-15, 17-21 and 23-32 are pending. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 
of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject 
matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the 
art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was 
made. 

4. Claims 1, 3-8, 10-15, 17-21 and 23-32 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Arrow et al. (U.S. Patent No. 6,175,917 B1), hereinafter "Arrow", in view of Yamaguchi 
etal. (U.S. Pub. No. 2001/0042201 A1), hereinafter "Yamaguchi". 

Referring to claim 1 : 

i. Arrow teaches: 

A network comprising: 

IPsec processing apparatuses, which use an IPsec (Internet Protocol security 
protocol) for securing security on the Intern path in the case where different two centers communicate via 
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the Internet (see figure 1, elements 115, 125, 135, 145, 155; and column 6, line 61, through column 7, line 
7, of Arrow); and 

an IPsec setting server apparatus, which manages IPsec settings of said IPsec 
processing apparatuses (see figure 1, element 160; figure 13, elements 1314 "define access control rules", 
1316 "define address translation rules"; and column 15, line 69, through column 16, line 15, of Arrow); 

wherein said Ipsec setting server apparatus includes means for collectively managing 
policies of said IPsec to be applied between first and second IPsec processing apparatuses (see figure 1, 
element 160; figure 13, elements 1314 "define access control rules", 1316 "define address translation 
rules"; and column 15, line 69, through column 16, line 15 of Arrow), and 

wherein said IPsec setting server apparatus includes means for specifying policies of 
said IPsec to be applied between said first and second IPsec processing apparatuses based upon contents 
of a request message for communication between said first and second IPsec processing apparatus 
received from said first IPsec processing apparatus (see figure 11, element 1102 ' receive request to 
configure VPN unit'; figure 13, elements 1310 'define VPN parameters', 1314 'define access control rules '. 
1316 'define address translation rules ': and column 15, line 52-column 16, line 15, of Arrow, emphasis 
added). 

Arrow discloses IP protocol and IP packets (see column 6, lines 51-54 of Arrow). 
However, Arrow does not specifically mention the IPsec (Internet Protocol security protocol). 

ii. Yamaguchi teaches a security communication method wherein Yamaguchi discloses 
using IPsec to implement VPN (Virtual Private Network) (see page 1, paragraph [0008] of Yamaguchi). 

iii. It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Yamaguchi into the method of Arrow to use IPsec. 

iv. The ordinary skilled person would have been motivated to have applied the teaching of 
Yamaguchi into the system of Arrow to use IPsec, because Arrow teaches implementing VPN (Virtual 
Private Network) via IP (Internet Protocol), and Yamaguchi discloses using IPsec to implement VPN (see 
page 1, paragraph [0008] of Yamaguchi). Therefore, Yamaguchi's teaching would be a good match to 
Arrow's teaching. 

Referring to claims 3-4, 10-11, 16-17, 23-24, 29 : 
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Arrow and Yamaguchi teach the claimed subject matter: a network. They further disclose 
transmitting messages between IPsec setting server apparatus and IPsec processing apparatus (see 
column 9, lines 19-22 of Arrow). 
Referring to claims 15, 28 : 

Arrow and Yamaguchi teach the claimed subject matter: a network. They further disclose the 
inquiry means (see page 4, paragraph [0045], lines 1-5 of Yamaguchi). 
Referring to claims 5, 12, 25 : 

Arrow and Yamaguchi teach the claimed subject matter: a network. They further disclose 
generating SA (Security Association) parameters (see figure 13, element 1310 'define VPN parameters'; 
and column 15, lines 52-54 of Arrow). 
Referring to claims 6, 13, 26 : 

Arrow and Yamaguchi teach the claimed subject matter: a network. They further disclose 
send a message including the policies and the SA parameters (see figure 13, elements 1310, 1314, 1316; 
and column 9, lines 19-22 of Arrow). 

Referring to claims 7, 14, 19. 27. 31 : 

Arrow and Yamaguchi teach the claimed subject matter: a network. They further disclose the 
keys for encryption and authentication (see column 1 1 , lines 32-34 of Arrow). 
Referring to claim 8 : 

i. Arrow teaches: 

An IPsec setting server apparatus managing IPsec setting of IPsec processing 
apparatuses, which use an IPsec (Internet Protocol security protocol) for securing security on the Internet 
path in the case where different two centers communicate via the Internet (see figure 1, element 160; 
figure 13, elements 1314 "define access control rules", 1316 "define address translation rules"; and column 
15, line 69, through column 16, line 15, of Arrow), 

wherein said IPsec setting server apparatus includes means for collectively managing 
policies of said IPsec to be applied among sad IPsec processing apparatuses (see figure 1, element 160; 
figure 13, elements 1314 "define access control rules", 1316 "define address translation rules"; and 
column 15, line 69, through column 16, line 15 of Arrow), and 

wherein said IPsec setting server apparatus includes means for specifying policies of 
said IPsec to be applied between said first and second IPsec processing apparatuses based upon contents 
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of a request message for communication between said first and second IPsec processing apparatus 
received from said first IPsec processing apparatus (see figure 11, element 1102 ' receive request to 
configure VPN unit'; figure 13, elements 1310 'define VPN parameters', 1314 'define access control rules ', 
1316 'define address translation rules ': and column 15, line 52-column 16, line 15, of Arrow, emphasis 
added). 

Arrow discloses IP protocol and IP packets (see column 6, lines 51-54 of Arrow). 
However, Arrow does not specifically mention the IPsec (Internet Protocol security protocol). 

ii. Yamaguchi teaches a security communication method wherein Yamaguchi discloses 
using IPsec to implement VPN (Virtual Private Network) (see page 1, paragraph [0008] of Yamaguchi). 

iii. It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Yamaguchi into the method of Arrow to use IPsec. 

iv. The ordinary skilled person would have been motivated to have applied the teaching of 
Yamaguchi into the system of Arrow to use IPsec, because Arrow teaches implementing VPN (Virtual 
Private Network) via IP (Internet Protocol), and Yamaguchi discloses using IPsec to implement VPN (see 
page 1, paragraph [0008] of Yamaguchi). Therefore, Yamaguchi's teaching would be a good match to 
Arrow's teaching. 

Referring to claim 15 : 

i. Arrow teaches: 

An IPsec processing apparatus using an IPsec (Internet Protocol security protocol) on 
the Internet, wherein said IPsec processing apparatus includes means for, upon receiving a packet to 
which said IPsec should be applied, 

judging whether or not to inquire a setting for said IPsec to be collectively managed in 
an IPsec setting server apparatus from said IPsec setting server apparatus (see column 4, lines 38-40; 
column 1 1 , lines 27-30 of Arrow). 

wherein said IPsec processing apparatus includes means for transmitting a request 
message for communication with another IPsec processing apparatus to said IPsec setting server 
apparatus in order to acquire a setting for said IPsec (see figure 11, element 1102 ' receive request to 
configure VPN unit'; figure 13, elements 1310 'define VPN parameters', 1314 'define access control rules ', 
1316 'define address translation rules ': and column 15, line 52-column 16, line 15, of Arrow, emphasis 
added). 
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Arrow discloses IP protocol and IP packets (see column 6, lines 51-54; and column 9, 
lines 19-22 of Arrow). However, Arrow does not specifically mention the IPsec (Internet Protocol security 
protocol). 

ii. Yamaguchi teaches a security communication method wherein Yamaguchi discloses 
using IPsec to implement VPN (Virtual Private Network) (see page 1, paragraph [0008] of Yamaguchi). 

iii. It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Yamaguchi into the method of Arrow to use IPsec. 

iv. The ordinary skilled person would have been motivated to have applied the teaching of 
Yamaguchi into the system of Arrow to use IPsec, because Arrow teaches implementing VPN (Virtual 
Private Network) via IP (Internet Protocol), and Yamaguchi discloses using IPsec to implement VPN (see 
page 1, paragraph [0008] of Yamaguchi). Therefore, Yamaguchi's teaching would be a good match to 
Arrow's teaching. 

Referring to claims 18, 30 : 

Arrow and Yamaguchi teach the claimed subject matter: an IPsec processing apparatus. 
They further disclose the SPD, SAD (see e.g. figure 10, elements 1010, 1005 of Yamaguchi). 
Referring to claims 20, 32 : 

Arrow and Yamaguchi teach the claimed subject matter: an IPsec processing apparatus. 
They further disclose acquiring new setting information (see column 10, lines 41-51 of Arrow). 
Referring to claim 21 : 

i. Arrow teaches: 

An IPsec setting method for a network which comprises: 

IPsec processing apparatuses, which use an IPsec (Internet Protocol security 
protocol) for securing security on the Internet path in the case where different two centers communicate via 
the Internet (see figure 1, elements 115, 125, 135, 145, 155; and column 6, line 61, through column 7, line 
7, of Arrow); and 

an IPsec setting server apparatus, which manage IPsec settings of said IPsec 
processing apparatuses (see figure 1, element 160; figure 13, elements 1314 "define access control rules", 
1316 "define address translation rules"; and column 15, line 69, through column 16, line 15, of Arrow), 

wherein said IPsec setting server apparatus includes a step of collectively managing 
policies of said IPsec to be applied among said IPsec processing apparatuses (see figure 1, element 160; 
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figure 13, elements 1314 "define access control rules", 1316 "define address translation rules"; and 
column 15, line 69, through column 16, line 15 of Arrow), and 

wherein said IPsec setting server apparatus includes means for specifying policies of 
said IPsec to be applied between said first and second IPsec processing apparatuses based upon contents 
of a request message for communication between said first and second IPsec processing apparatus 
received from said first IPsec processing apparatus (see figure 11, element 1102 ' receive request to 
configure VPN unit'; figure 13, elements 1310 'define VPN parameters', 1314 'define access control rules ', 
1316 'define address translation rules '; and column 15, line 52-column 16, line 15, of Arrow, emphasis 
added). 

Arrow discloses IP protocol and IP packets (see column 6, lines 51-54; and column 9, 
lines 19-22 of Arrow). However, Arrow does not specifically mention the IPsec (Internet Protocol security 
protocol). 

ii. Yamaguchi teaches a security communication method wherein Yamaguchi discloses 
using IPsec to implement VPN (Virtual Private Network) (see page 1, paragraph [0008] of Yamaguchi). 

iii. It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Yamaguchi into the method of Arrow to use IPsec. 

iv. The ordinary skilled person would have been motivated to have applied the teaching of 
Yamaguchi into the system of Arrow to use IPsec, because Arrow teaches implementing VPN (Virtual 
Private Network) via IP (Internet Protocol), and Yamaguchi discloses using IPsec to implement VPN (see 
page 1, paragraph [0008] of Yamaguchi). Therefore, Yamaguchi's teaching would be a good match to 
Arrow's teaching. 

Response to Arguments 

5. Applicant's arguments filed November 29, 2007 have been fully considered but they are not 
persuasive. 

Applicant argues: 

"However, there is no teaching or suggestion in Arrow of the VPN management station specifying 
policies of IPsec to be applied between the IPsec processing apparatuses. Further, there is no teaching or 
suggestion of the VPN management station 160 receiving or utilizing the contents of a request message for 
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communication between the IPsec processing apparatuses." (see page 1, last line, Applicant's 
Arguments/Remarks, emphasis added) 
Examiner maintains: 

Arrow discloses "In state 1310, the system manager defines VPN parameters for authentication, 
encryption, and compression functions to be associated with a newly created VPN . Next, the system 
manager proceeds to state 1312. In state 1312, the system manager assembles groups of entities and 
remote clients into a VPN. States 1310 and 1312 are repeated for each VPN that the system manager 
desires to create. 

The system manager then proceeds to state 1314. In state 1314, the system manager defines 
access control rules [i.e., policies] for VPN units. These access control rules specify which types of 
communications are allowed to pass through a VPN unit. For example, an access control rule may specify 
that communications between non-members of a VPN and members of a particular VPN are not allowed to 
pass through a particular VPN unit. Next, the system manager proceeds to state 1316. 

In state 1316, the system manager specifies address translation rules [i.e., policies] for each VPN 
unit. These address translation rules support static translation, dynamic translation and port translation. 
For example, the rules make it possible to use the same address for two different nodes that are located on 
different local area networks that are coupled to the public network through VPN units. The VPN units use 
the address translation rules to translate the same local addresses into different public network addresses. 
Address translation rules also facilitate mapping multiple local addresses to a single public network 
address. In one embodiment, this is accomplished by using the same public network address with different 
port identifiers for different local addresses. The system manager then proceeds to state 1320, which is an 
end state." (see column 15, line 52-column 16, line 15 of Arrow, emphasis added). Therefore, Arrow 
discloses that the VPN management station specifying policies of IPsec to be applied between the IPsec 
processing apparatuses. 

Arrow further discloses "One function of VPN management station 160 is to manage the 
configuration of VPN units, such as VPN unit 115, through the issuance of configuration requests. FIG. 11 
depicts an illustrative procedure for issuing a configuration request to install a new VPN unit operating 
system program on VPN unit 115. The procedure commences with state 1 100. In state 1 102 a request is 
received, illustratively from a user, to alter the configuration of VPN unit 115 . VPN management station 
160 examines the request in state 1104. If the request does not involve installation of a new operating 
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system, the request is handled in state 1106 after which the procedure exits in state 1118." (see column 
14, lines 33-44 of Arrow, emphasis added). Therefore, Arrow discloses the VPN management station 160 
receiving or utilizing the contents of a request message for communication between the IPsec processing 
apparatuses. 

Conclusion 

6. Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Joseph Pan whose telephone number is 571-272-5987. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Kim Vu can be reached at 571-272-3859. The fax and phone numbers for the organization where this 
application or proceeding is assigned is 703-872-9306. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is 571-272-2100. 

Joseph Pan 
March 13, 2008 
/KIMYEN VU/ 



Supervisory Patent Examiner, Art Unit 2135 



